Thanks, so that means I have to add the account two times, 1st in Google and then in my application?

Ryan Shelley wrote:
> Yes, that's the possibility - and actually, that's usually how most test
> implementations work. The idea is that Google will delegate authentication
> to you, so it's your responsibility to ensure that the user is properly
> authenticated to your network. If there's a flaw in your application that
> allows a user to authenticate as someone else, then there's the potential
> that an individual could access another user's mailbox. However, this
> "flaw" exists in most (if not all) SSO implementations. In any SSO
> infrastructure, not just SAML, you should never capture the password from
> the user, store it, and pass it on to other resources. Instead, you
> authenticate the user and generate a token that validates the user, then
> pass the token around to resources that trust that token, such as Google.
>
> If you don't want to create your own SSO infrastructure, you can use an
> existing SSO implementation such as CAS (http://www.ja-sig.org/products/cas/)
> that is known to integrate with Google (and dozens of other applications),
> is stable, secure, free (open-source), and very customizable. Oh, and if it
> doesn't integrate with your application, and you can modify its login
> process, you can integrate it with CAS yourself.
>
> -Ryan
>
> On Dec 23, 2007 11:55 AM, ByteCode <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> > I have a question regarding SSO, how does Google know that the user
> > has a valid password? cuz I don't see any password submitted back to
> > Google in SAML response, in other words I may create a Login method
> > which always return the username which means the user is successfully
> > authenticated and anyone can login by just typing their username on my
> > SSO page?
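The split of responsibility discussed in this thread, as an added example that is not part of the original messages: the identity provider checks the password and signs a short-lived assertion, and the relying party (Google's role) never sees a password and trusts only the signature. An HMAC over a JSON body stands in here for SAML's XML signature, and every name and value (`idp_login`, `rp_accept`, the user `alice`, the key) is hypothetical and constructed for the demonstration.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo values: a key trusted by both sides and one enrolled user.
SIGNING_KEY = os.urandom(32)
_SALT = os.urandom(16)

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}

def _sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def idp_login(username, password, now=None):
    """Identity provider: sign an assertion only after the password verifies."""
    salt, stored = USERS.get(username, (_SALT, b""))
    # Hash even for unknown users so timing does not reveal which names exist.
    if not hmac.compare_digest(_hash_pw(password, salt), stored):
        return None
    issued = time.time() if now is None else now
    body = json.dumps({"sub": username, "exp": issued + 300}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def rp_accept(token, now=None):
    """Relying party: receives no password, checks signature and expiry only."""
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
        if not hmac.compare_digest(_sign(body), sig):
            return None
        claims = json.loads(body)
    except (ValueError, TypeError):
        return None
    current = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > current else None

if __name__ == "__main__":
    token = idp_login("alice", "correct horse")
    print("accepted as:", rp_accept(token))
    print("wrong password yields:", idp_login("alice", "guess"))
```

Because `rp_accept` has nothing but the signature to go on, a login routine that skipped the password check in `idp_login` would produce assertions the relying party accepts for any username, which is why that check is the identity provider's responsibility.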
